DeFAI Tool Summary: How to Use AI Agents to Drive On-Chain Asset Management?

For teams that can handle both Web3 and AI dimensions at the same time, this is precisely the window period for entry.

Written by: GO2MARS

Before launching a formal analysis, it’s necessary to first clarify a core concept: DeFAI.

DeFAI is an acronym that combines DeFi (decentralized finance) and AI (artificial intelligence). It refers to introducing AI Agents into on-chain financial scenarios, enabling them to perceive market conditions, independently formulate strategies, and directly execute on-chain operations—thereby completing a series of financial behaviors traditionally requiring professional human operators, such as asset allocation and risk management, without relying on real-time manual intervention.

In short, DeFAI is not a simple AI upgrade of DeFi tools, but an attempt to build a self-operating financial execution layer on-chain.

This track has been heating up rapidly since Q4 2024. Behind it, there are three marquee events worth watching. Each one corresponds to a different layer at which AI Agents enter Web3: breaking out of narrative, building assetized infrastructure, and the real-world execution of capabilities.

The first event took place in July 2024. The Twitter bot Truth Terminal, built by developer Andy Ayrey, quickly went viral after receiving a $50,000 BTC grant from Marc Andreessen, a co-founder of a16z. It sparked the viral spread of the GOAT coin. This was the first time an AI Agent as an on-chain economic participant truly entered the public spotlight.

The second event occurred in October of the same year. Virtuals Protocol surged on the Base network and tokenized the AI Agents themselves. Its ecosystem market cap peaked at over $3.5 billion, becoming a typical representative of the assetization-infrastructure-building phase in the DeFAI track.

The third event involves projects such as Giza, HeyAnon, and Almanak successively deploying on-chain execution-layer systems, pushing the industry from narrative-driven toward productized—AI Agents begin to truly “get hands-on” executing on-chain operations, rather than merely staying at the information-interaction layer.

From the perspective of global market size, multiple research institutions have highly consistent growth forecasts for the AI Agent track:

Figure 1: Forecast comparison of the global AI Agent market size. Data sources: MarketsandMarkets (2025), Grand View Research (2025), BCC Research (2026.01)

However, there is still a significant gap between capital heat and industrial deployment. In McKinsey’s report The State of AI in 2025 released in November 2025 (based on 105 countries and 1,993 respondents), although 88% of organizations are using AI in at least one business function, nearly two-thirds still remain in the experimental or pilot stage. Specifically for the AI Agent domain: 62% of organizations have started experimenting, 23% are advancing toward scaling in at least one function, but the proportion of organizations achieving scaled deployment in any single function is still below 10%.

This data suggests to us that the narrative enthusiasm for the DeFAI track is still ahead of actual deployment progress. Understanding this gap is the prerequisite for objectively assessing the track’s value.

DeFAI’s technical foundation: how AI Agents interact with the on-chain world

To understand how DeFAI operates, first we need to answer a key question: by what mechanism does AI intervene in on-chain financial operations?

The core execution unit of a DeFAI system is an AI Agent built on large language models. According to Wang et al.’s (2023) academic review, its core capabilities can be summarized as a three-layer architecture, and each layer has a corresponding specific function in on-chain scenarios:

• The planning layer is responsible for goal decomposition and route optimization, corresponding to strategy generation and risk assessment in on-chain scenarios;
• The memory layer uses external storage such as vector databases to accumulate information across time periods, carrying historical market data and protocol states;
• The tools layer extends the model’s capabilities so it can call external systems such as DeFi protocols, price oracles, and cross-chain bridges.

But there is one point that needs to be made clear here: AI models themselves cannot directly interact with blockchains. Almost all current DeFAI systems adopt an architecture that separates off-chain reasoning from on-chain execution—the AI Agent completes strategy calculation off-chain, then converts the results into on-chain transaction signals, which are submitted by an execution module. This architectural choice is both a realistic decision under current technical conditions, and it also gives rise to a series of security topics such as private key authorization and permission management.

An AI Agent is essentially an autonomous decision-making system based on a large language model. It enables closed-loop execution through task decomposition, memory management, and tool calling. And today, the AI Agent’s interaction with on-chain asset endpoints has already started to take shape.

Figure 2: Three-layer architecture of AI Agents

DeFAI’s evolution: from information interaction to a closed-loop execution system

Once the technical foundation of DeFAI is clarified, a natural question follows: how did this system step by step reach where it is today?

According to research from The Block, the evolution of DeFAI is not a single leap forward, but instead goes through two distinct stages—from early interaction-focused Agents centered on information processing, to today’s execution-focused systems that can truly intervene in on-chain operations.

There are fundamental differences between the two in terms of goal positioning, technical approaches, and risk levels.

Figure 3: Comparison of the two waves of DeFAI evolution paths

The two-stage evolution storyline can be understood like this:

The first wave is the interactive Agent, with the focus on building an agent framework that can converse and analyze. Representative projects include ElizaOS’s Eliza framework (originally ai16z), Virtuals’ G.A.M.E., and others. At its core, this stage still centers on information tools—an Agent can read, speak, and analyze, but its functional boundaries stop at the information layer and it does not touch any asset execution operations.

The second wave is the execution-focused DeFAI Agent, which truly enters the decision-execution closed loop. Representative projects include HeyAnon, Wayfinder, Giza (ARMA Agent), and Almanak. A common feature of these systems is: the AI runs off-chain, outputs structured strategy signals, and completes transactions through an on-chain execution module. It does not replace existing DeFi protocols; instead, it introduces an AI decision mechanism on top of them, transforming the whole operation chain from “humans issuing instructions” to “Agents executing autonomously.”

The fundamental difference between the two waves is not technical complexity, but whether they truly touch assets. This also means that the second-wave systems face challenges in trust mechanisms, permission design, and security architecture that are far more complex than the first wave—this is exactly what the next chapter will focus on.

DeFAI’s deployment map: four mainstream application scenarios

From the technical architecture to the evolution path, DeFAI’s “what it can do” has gradually become clearer. So, at the actual product level, what real problems is it solving?

Overall, DeFAI’s application explorations today have formed a relatively mature deployment landscape around four core directions, corresponding to four major pain points in on-chain operations: yield efficiency, strategy execution, interaction barriers, and risk control.

Yield optimization: automated rebalancing across protocols

Yield optimization is currently the most mature DeFAI application scenario. Its core logic is: continuously scan deposit annualized yields across major DeFi protocols such as Aave, Compound, and Fluid, combine them with predefined risk parameters to decide whether rebalancing is needed, and perform a transaction-cost analysis before each operation. Only when the yield improvement can cover all gas and transaction fees does it actually move funds—thereby achieving automated optimal allocation across protocols.

Taking Giza as an example: its ARMA Agent launched a stablecoin yield strategy on the Base network in February 2025. It continuously monitors interest-rate changes across protocols such as Aave, Morpho, Compound, and Moonwell. After considering protocol APY, fee costs, and liquidity, it intelligently dispatches users’ funds to maximize returns. According to public data, ARMA currently has about 60,000 unique holders, more than 36,000 deployed Agents, and manages assets (AUA) exceeding $20 million.

In a market environment where yields on DeFi protocols continuously fluctuate, manual monitoring and manual rebalancing are far less efficient and timely than automated systems—this is the core value of this scenario.

Figure 4: Example image of Giza platform ARMA Agent

Quant strategy automation: democratizing “institution-grade” capability

In quant strategy automation scenarios, DeFAI platforms aim to modularize and automate the end-to-end operation modules of traditional quant teams, so that individual users can also access institution-grade strategy execution capabilities.

For example, Almanak supported by Delphi Digital: it launched the AI Swarm system, breaking the quant workflow into four stages:

• The strategy module supports writing investment logic in Python SDK and completing backtesting;
• The execution engine, after obtaining user authorization, automatically runs the audited strategy code and triggers DeFi calls;
• The secure wallet is built using Safe + Zodiac to form a multisig system. Role-based permission control grants strategy execution authority to the AI Agent, ensuring that funds remain within the range the user can control at all times;
• The strategy treasury packages strategies into ERC-7540 standard tradable treasuries, allowing investors to participate in strategy yield distribution in a way similar to fund share participation.

The significance of this architecture is that AI agents take on responsibilities for data analysis, strategy iteration, and risk management. Users only need to provide final approval of the system’s output results, without having to assemble a professional quant team—thereby achieving so-called “equity for institution-level strategies” (as the project claims).

Figure 5: Almanak platform homepage display

Executing natural-language instructions: make DeFi operations as easy as sending a message

The core of this scenario is intent-based DeFi operations driven by user intent. With natural language processing, users issue transaction instructions in everyday language. The AI parses them and converts them into multi-step on-chain operations, greatly reducing the operational barrier for ordinary users.

HeyAnon has built a DeFAI chat platform. Users input instructions through a chat box, and the AI can execute on-chain operations such as token swaps, cross-chain bridging, lending, and staking. It integrates protocols such as the LayerZero cross-chain bridge and Aave v3, supporting multi-chain deployment including Ethereum, Base, and Solana.

Figure 6: HeyAnon platform homepage display

Wayfinder, invested by Paradigm, provides an even further full-chain transaction service. Its AI Agent (called Shells) automatically finds the optimal transaction path across different chains, executing cross-chain transfers, token swaps, NFT interactions, and other operations. Users do not need to worry about underlying gas fees, cross-chain compatibility, and other technical details.

Figure 7: Wayfinder platform homepage display

Overall, natural-language interfaces significantly lower DeFi’s operational barriers, but they also demand higher accuracy in underlying intent parsing. Once the AI’s understanding of an instruction deviates, the operation outcome may be far from the user’s expectations.

Risk management and liquidation monitoring: mechanisms embedded within on-chain protocols

In DeFi lending and leverage scenarios, the most common application of AI Agents is real-time monitoring of the health of on-chain positions, and automatically executing protective actions before liquidation thresholds are reached. This application is gradually being integrated into major mainstream DeFi protocols, becoming a native feature of DeFi platforms.

• Aave measures position safety with a “health factor.” When the health factor falls below 1.0, the borrower’s position immediately triggers liquidation eligibility;
• Compound uses a “liquidation collateral factor” mechanism. When an account’s borrowed balance exceeds the limit set by this factor, liquidation is triggered. The specific parameters for each collateral asset are set separately through on-chain governance.

In 24/7 highly volatile on-chain markets, it is difficult for human monitoring to maintain consistent response efficiency. In this scenario, AI Agents can enable continuous tracking, intelligent evaluation, and automatic intervention, boosting risk-control efficiency to a level that manual monitoring or rule-based automation systems can hardly reach.

Figure 8: Four major mainstream use cases of Agent × DeFi

In summary, the four scenarios above are not independent of each other; they complement a single main line: yield optimization and quant strategy automation target more advanced users with a certain level of asset scale, with core advantages in execution efficiency and strategy precision; natural-language interaction aims to lower the operational barrier for ordinary users; and risk management provides underlying security coverage across all scenarios. Together, the three coordinate to form the basic deployment landscape of DeFAI’s current ecosystem, and they also lay the groundwork for more complex on-chain Agent applications in the future.

DeFAI’s security bottom line: private key management and permission control

The four application scenarios described above—whether yield optimization or quant strategy automation—share only one prerequisite for enabling them: the AI Agent must hold some form of signing permission, meaning it has access to private keys. This is the most critical technical challenge in the entire DeFAI track, and also the one most likely to be obscured by narrative hype—once the signing mechanism has a vulnerability, all upper-layer strategy capabilities lose their meaning.

At present, the industry’s two main approaches for private key security management are MPC (multi-party computation) and TEE (trusted execution environment). Both emphasize different aspects in their security model, automation level, and engineering complexity.

Figure 9: Comparison table of two mainstream private key security management approaches

• MPC (Multi-Party Computation) core idea is to eliminate single points of failure by splitting keys. For example, with a common 2-of-3 threshold signature: even if one key share leaks, an attacker cannot independently complete a signature, and fund security is not affected. Vultisig is a representative product in this direction—a source-available, self-custody multi-chain wallet built on MPC/TSS technology. It uses a no-single-mnemonic architecture, combining key security with user self-custody.
• TEE (Trusted Execution Environment) goes another route: it seals the private key together with the agent code inside a hardware-protected isolated region (enclave). The AI agent performs strategy computation and signing inside the enclave and only outputs the signing results to the chain, while the external environment cannot see the private key at all. Mainstream chips such as Intel SGX, AMD SEV, and ARM CCA provide hardware-level isolation and encryption support. Chainlink has introduced TEE into its oracle network to handle sensitive data and uses remote attestation mechanisms to prove the integrity of the execution environment to the outside world.

However, key security is only the first line of defense. In real deployments, regardless of which key management approach is used, a permission control mechanism must be layered on top to prevent Agents from executing out-of-scope actions. Almanak’s practice provides a relatively complete reference framework: the platform uses TEE to protect both strategy logic and private parameters, and inserts a Zodiac Roles Modifier permission layer between the deployment engine and the Safe smart account held by the user. For every transaction initiated by the AI, it must be compared one by one against predefined whitelists of contract addresses, functions, and parameters. Transactions that do not fall within the authorization scope are automatically rejected.

This implementation of the principle of least privilege has now become an important reference for security design in DeFAI systems. It reveals a deeper logic: DeFAI’s security problems are not essentially a matter of choosing a single technology; rather, they are system engineering formed by the coordination of key management, permission boundaries, and execution auditing. Missing any link may become the weakest node in the entire chain. This is also the starting point for the risk analysis in the next chapter.

The gap between reality and narrative: core risk analysis of DeFAI

The analysis above reveals a key conclusion:

VCX is not priced at a premium because its asset selection is outstanding or its return expectations are higher, but because it sells the channel itself. Here, a question must be answered: what kind of product is VCX, exactly?

From the legal form, it is a closed-end fund registered with the SEC. Its holdings are transparent, its structure is compliant, and there is no fundamental difference from any typical stock-type ETF on the market. But from its practical function, what it sells is not a traditional “investment return expectation,” but an asset-side access qualification—previously only top VC institutions and accredited investors could reach—while this qualification is packaged into tradable unit shares on the NYSE.

Therefore, the market is willing to pay a 16 to 30x NAV premium essentially to price this access right, not to evaluate the future earnings of the underlying assets.

From this perspective, the comparison between VCX and MicroStrategy (MSTR) is quite revealing. On the surface, both are doing something similar: packaging scarce assets that are difficult to obtain directly (Bitcoin / top-tier Pre-IPO equity) into tradable securities in the secondary market, and presenting premiums far exceeding the value of the underlying assets to the market. But their capital operation logic differs fundamentally:

• MSTR raises funds through continuous issuance of convertible bonds and preferred stock, then uses the proceeds to add more Bitcoin purchases. This mechanism gives it the ability to dynamically expand its balance sheet and continuously increase its holdings, providing an endogenous basis to maintain its stock price premium to some extent.
• VCX is constrained by the structural limits of a closed-end fund: its asset scale is basically locked after issuance completion, and it cannot continuously buy new assets through refinancing. The liquidity of its holdings also heavily depends on the underlying companies’ IPO or M&A exit. Once retail sentiment fades, or after the six-month lock-up period ends and tradable shares increase, the pressure to narrow its premium will be far greater than MSTR’s.

VCX vs MSTR (Strategy) model comparison

In other words, MSTR’s premium is supported by a capital mechanism that keeps operating continuously, while VCX’s premium mainly comes from share scarcity + sentiment-driven dynamics. This product logic is not inherently right or wrong, but the risks it contains are harder for the market to price correctly than those of ordinary closed-end funds:

Once retail buys at a price far above NAV, what they are paying is not the value of the assets themselves, but the premium for this access qualification—which, after the underlying companies complete an IPO and a direct trading channel is formed in the public markets, will face intense pressure to quickly go to zero.

Trend outlook

Based on the analysis above, we can make a stage-based judgment about DeFAI’s evolution path. Overall, this track is currently at a critical transition point from concept validation to productization. Its evolution is expected to go through three progressive stages:

Figure 11: DeFAI stage prediction

Note: The table above is a non-deterministic timeline based on an integrated assessment using public industry reports, project progress, and technical maturity.

At the current stage, DeFAI as a whole is transitioning from an assisted-decision period to a semi-autonomous period. Some projects have begun to take on limited autonomous execution capabilities, but human review and fallback mechanisms remain the dominant deployment form. Against this backdrop, combined with current technical maturity and market conditions, there are three judgments worth focusing on.

First, most DeFAI projects today are still essentially automated tools rather than truly autonomous Agents. Products labeled as “DeFAI” at this stage typically have core capabilities that translate human instructions into predefined sequences of DeFi operations. In essence, they are closer to efficient execution interfaces than autonomous systems with independent reasoning and decision-making capabilities. According to McKinsey’s 2025 report, even in general enterprise scenarios, fewer than 10% of organizations have achieved scaled deployment of AI Agents in any single function. In on-chain scenarios, the trust threshold and operational complexity are higher, and there is still a considerable distance between technical demos and truly closed-loop commercial systems.

Second, the most mature—and easiest—for AI Agents to gain institutional trust is not high-risk autonomous trading, but on-chain monitoring, alerting, and governance assistance. In scenarios such as 24/7 position monitoring, liquidation warnings, and governance proposal analysis, on the one hand the tolerance for LLM hallucinations is relatively higher—because incorrect output does not directly trigger fund losses; on the other hand it effectively compensates for humans’ inherent shortcomings in sustained attention. These scenarios are a more realistic path for DeFAI to move from “technical demonstrations” toward “institutional adoption.”

Third, the integration of AI Agents with RWA is the next cross-cutting direction worth paying close attention to in this track. According to RWA.xyz data, as of early April 2026, the total on-chain tokenized RWA asset value exceeds $27 billion (excluding stablecoins), covering multiple categories such as U.S. Treasury bonds, private credit, commodities, corporate bonds, and more. If AI Agents can manage a composite asset portfolio that includes both Treasury bond RWA and stablecoins—for example, automatically adjusting the allocation ratios based on market conditions—then the accessible asset scale would far exceed the current domain dominated by DeFi-native assets. This also makes it possible to truly connect on-chain and off-chain at the asset layer, realizing the synergy of Web3 + AI + TraFi and significantly expanding market imagination.

Conclusion

AI Agents and on-chain asset management are in a critical period transitioning from concept validation to productization. Technical feasibility has been validated to some extent, but challenges such as the risk of LLM hallucinations, the heterogeneity of on-chain data, and the lack of trust infrastructure cannot be solved solely by iterative technical improvements. Instead, they require systematic progress in project architecture design, compliance pathway planning, security system building, and business model validation.

This also implies that this track is still in the early stages of building, and the true competitive landscape has not yet taken shape. For teams capable of handling both Web3 and AI dimensions, this is precisely the window period for entry—whether building more reliable on-chain Agent systems at the execution layer, or bridging key links involving data, permissions, and trust at the infrastructure layer, there is substantial room to fill.

DeFAI’s competitive moat ultimately will not rest on a single model capability or depth of protocol integration, but on whether it can build a truly self-consistent closed loop across technology, compliance, and security.